Online Security Challenge: Authenticating Global User Base
Before the internet boom, companies and institutions had little reason to worry about the identity and authentication of their customers and users. With consumers almost always being physically at the point of sale or service consumption, fake profiles and online identity scams were not a concern.
Since then, many aspects of everyday life have migrated online. A growing portion of transactions, purchases and social interactions are carried out over the internet, with participants physically detached from the company or institution providing the service.
According to Statista, in 2013, 191.1 million U.S. citizens were online shoppers and had browsed products, compared prices or bought merchandise online at least once. The figure is expected to surpass 200 million in 2015. In China, the number of online shoppers increased from 33.57 million in 2006 to over 360 million in 2014. In 2013, online commerce transactions in China reached approximately 1.84 trillion yuan.
Businesses and consumers rely on a growing number of online profiles, web interfaces and mobile apps – for banking, booking, placing orders, communication or dating. This benefits consumers greatly, but also poses a challenge to businesses.
For companies with large, international and exclusively online user bases, such as social networks, e-commerce sites or cloud providers, things seem to be even more complicated. One of the pressing questions to resolve in any venture of this kind is when and how to allow access to the online service, i.e. how to establish that the user trying to access the service really should be allowed access.
A username/password combination is one possible solution, but as each of us has as many as four, five or more online profiles, users tend to ignore the recommended practice of having a different password for each account. This increases the risk of a security breach and puts both the user and the company in a tight spot.
One of the ways to combat “password laziness” is to issue every user with a dedicated hardware token as a second authentication factor, but that could be prohibitively complicated. Deploying a key fob to a global user base can easily turn into a nightmare in terms of logistics even more than costs, and that’s where a different method to deliver 2-factor authentication comes in – SMS messaging.
Professional SMS emerged as a convenient component of 2-factor authentication, the only one able to reliably deliver one-time PINs (OTPs) to a global audience. The OTP serves as an additional credential for logging into an online service, to dispel any doubts as to user identity and prevent fraud, hacks or phishing. The online account is tied to the mobile number of the user, which is also the number to which the OTP is delivered, effectively proving the identity.
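The server side of the OTP flow described above, as an added example (not from the original article or any SMS provider's API): a PIN is issued for an account, bound to its registered mobile number, and accepted only once. The class name, the 6-digit length, the 5-minute lifetime and the 3-attempt limit are assumptions, and the actual SMS delivery is left to the caller.

```python
import hashlib
import hmac
import secrets
import time


class SmsOtpService:
    """Issues and verifies one-time PINs bound to an account's mobile number."""

    def __init__(self, ttl_seconds=300, max_attempts=3, digits=6, clock=time.time):
        self.ttl = ttl_seconds            # assumed PIN lifetime
        self.max_attempts = max_attempts  # assumed limit on guesses per PIN
        self.digits = digits
        self.clock = clock                # injectable so expiry can be tested
        self._pending = {}                # account -> pending PIN record

    def _digest(self, salt, pin):
        # Keep only a salted hash so the pending store never holds a live PIN.
        return hashlib.sha256(salt + pin.encode()).digest()

    def issue(self, account, msisdn):
        """Create a PIN for the account; the caller sends it by SMS to msisdn."""
        pin = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        salt = secrets.token_bytes(16)
        self._pending[account] = {
            "digest": self._digest(salt, pin), "salt": salt, "msisdn": msisdn,
            "expires": self.clock() + self.ttl, "attempts": 0,
        }  # issuing again replaces (invalidates) any earlier PIN
        return pin

    def verify(self, account, msisdn, pin):
        """True only for the right PIN and number, in time, and used once."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        if self.clock() > entry["expires"] or entry["attempts"] >= self.max_attempts:
            del self._pending[account]    # expired or guessed too often
            return False
        entry["attempts"] += 1
        # Constant-time comparison avoids leaking how many digits matched.
        ok = hmac.compare_digest(entry["digest"], self._digest(entry["salt"], pin))
        ok = ok and entry["msisdn"] == msisdn
        if ok:
            del self._pending[account]    # single use
        return ok
```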
Delivery of OTPs in SMS messages covers several crucial points for internet-based companies. It has global coverage that doesn’t depend on a data connection, it’s supported by all types of mobile phones, and users are accustomed to SMS messaging. The costs of SMS are comparatively the lowest, and perhaps most importantly, APIs are the standard for a seamless integration into any system.